Introduction Flashcards
What are the two main approaches to information security?
The ability to resist certain threats, and the maintenance of objectives for the resources
Threats can give rise to what?
Violations
What are the three types of security violation?
Unauthorised information release, unauthorised information modification and unauthorised denial of use
Security violations can occur because of what three things?
Inadequate physical controls, inadequate controls within a computer system and inadequate controls for communications networks
What is a vulnerability?
A vulnerability is a flaw in the design or implementation of a system that could lead to a security violation
In order to exploit a vulnerability, what must be assumed of attackers?
Attackers must know about the vulnerability and must be able to exploit the vulnerability
What are the two main types of attacker?
Insider attacker and outsider attacker
What is the CIA triad?
Confidentiality (prevention of unauthorised information release), Integrity (prevention of unauthorised information modification) and Availability (prevention of unauthorised denial of use)
What can security be defined as in accordance with the CIA triad?
Security can be defined as meeting the CIA triad’s goals
When is a security goal from the CIA triad met?
A security goal is met if and when the corresponding security violation does not occur
Why is achieving a security goal difficult?
It is difficult to anticipate every way an attacker can cause a security violation
What is confidentiality?
Confidentiality is about preventing users from reading information they are not supposed to
What is integrity?
Integrity is ensuring that all information has been kept the way it is meant to be
What is availability?
Availability is ensuring that services are accessible on demand for authorised users
What is accountability?
Accountability is holding users accountable for all of their actions